New York state begins probe into Apple's FaceTime vulnerability


Comments

  • Reply 21 of 26
    Strange that the New York State's Attorney General (NYAG) doesn't go after Facebook and Google. Wonder if the NYAG has stock in Facebook and Google or is a puppet of either Facebook or Google.
  • Reply 22 of 26
    Bad Apple! Only State-sponsored eavesdropping is allowed! 
  • Reply 23 of 26
    Latko Posts: 398 member
    MplsP said:
    I support this. If Apple was aware of the situation, but failed to take precautions until *after* they received media attention, then they should be held accountable.

    You realize that bugs are commonly known about (or reported) long before a company fixes them, right? It’s common practice to keep things secret while you’re working on a fix. You don’t want the public (or bad actors) to know about the issue. Then you can release a fix before people even know there was a problem.

    No doubt Apple was working on a fix when this news broke, and disabled FaceTime only after it became public. If this news story wasn’t reported it’s likely the next iOS release would have fixed the issue and nobody would have been the wiser.

    I don’t see how Apple did anything wrong.
    lkrupp said:
    So within 24 hours of this breaking we have a lawsuit by some lawyer in Texas and a New York State investigation started. When Samsung phones started to randomly send your pictures to people in your contacts list did things happen this quickly or even at all? Just asking. When Alexa was discovered to be listening in did Governor Cuomo start an investigation? Just asking.
    Apple reportedly 'knew' about the bug for a week before the story broke, but it's not clear if anyone in a position to do anything knew about it, or if that's just when the form was submitted. In an organization like Apple that is large and likely receives thousands of such reports a day, it would not be surprising if it took several days for someone to review the bug, do some testing to verify it, elevate it to the appropriate level and for someone who actually had the power to respond to take appropriate action.

    After reports became public they rapidly shut down the service, effectively closing the bug until a patch can be issued. Whether that was because of the initial bug report or because of the media reports and publicity is unknown, but all things considered, I think Apple responded in a reasonable manner. 

    Clearly, this was a bug, but I don't see how it's that much different from the thousands of other bugs that we read about.  
    Whatever the outcome, one day Tim will say they “did it to protect the customer”
    edited January 2019
  • Reply 24 of 26
    jdw said:
    Another fascinating decision here by AppleInsider.  This article is highly political, yet freedom reigns and comments are allowed.  I of course think liberty for all is always good, but it is curious how decisions are made to ban comments on similar articles which are equally or even lesser so political.  Fascinating.
    Sad but the truth (hint AI) welcome to the new world.
  • Reply 25 of 26
    sflocal said:
    It's a probe, nothing more.  Either they will find enough evidence during discovery to show that Apple knowingly hid the vulnerability, or they will decide that Apple acted as quickly as it could.
    Yeah, and I doubt Apple would be surprised by legal inquiries into this or someone trying to file a lawsuit. A large company like Apple should be able to provide a comprehensive timeline of how the original report was processed and escalated. It's unlikely that their system for addressing bugs/vulnerabilities doesn't take these kinds of legal possibilities into account in terms of how they're set up. 
  • Reply 26 of 26
    larryjw Posts: 1,036 member
    I support this. If Apple was aware of the situation, but failed to take precautions until *after* they received media attention, then they should be held accountable.

    You realize that bugs are commonly known about (or reported) long before a company fixes them, right? It’s common practice to keep things secret while you’re working on a fix. You don’t want the public (or bad actors) to know about the issue. Then you can release a fix before people even know there was a problem.

    No doubt Apple was working on a fix when this news broke, and disabled FaceTime only after it became public. If this news story wasn’t reported it’s likely the next iOS release would have fixed the issue and nobody would have been the wiser.

    I don’t see how Apple did anything wrong.
    You don't understand bugs, debugging, fixing bugs. Bugs are kept secret only if there is a reason to. Security flaws would certainly be one of the reasons. But, many bugs are known, public, and fixed based on priorities and other factors. 

    It's not clear Apple was working on a fix when the news broke. I have little doubt the bug was working its way up the chain of responsibility when the news broke -- that doesn't mean they were working on a fix. More likely they were still in the analysis phase, determining the conditions under which the flaw would appear, determining its seriousness. I'm also certain they didn't disable FaceTime because it became public -- they disabled it because it was a serious flaw and it was going to take time to design and test the remedy, and determine if similar flaws not yet reported or experienced needed to be fixed. 

    This particular flaw does not seem to be one in which some programmer failed to increment a counter, but a design flaw in the service itself, requiring some reanalysis -- like reordering the code execution, or semaphoring parallel processes to prevent some code from proceeding until the system was in the correct state to continue. 